Last Updated: January 14, 2020

Message from Stu Sjouwerman, CEO
Stu Sjouwerman, CEOWe pride ourselves on our culture and our reputation. When it comes to our ethics, we do not allow the bottom-line to shift our decision making and consider the greater good for all parties. As both a leader and a pioneer in an industry that helps organizations secure their networks, we know that assets come in all shapes and sizes, whether it be personal information, financial information, or national security. We develop and provide the tools that help organizations fight against cybercrime and enable their employees to make smarter security decisions, every day. Your trust is essential to our business. This Code of Ethical Business Conduct serves to encompass our commitment to ensuring compliance and ethical behavior in all that we do.

Stu Sjouwerman, CEO

Code of Ethical Business Conduct
KnowBe4, Inc., and its affiliates, (collectively, “KnowBe4”, “We”, “Us”, “Our”) take pride in fostering a culture that encourages high ethical standards of business conduct. We are committed to carrying out Our business in a legal, ethical, transparent, and socially responsible manner. As a company with global operations, ensuring compliance with all applicable laws in all countries in which We conduct business is a top priority. Gaining the trust of Our customers, vendors, employees and the community starts with a culture based on these fundamental values.

Compliance with Applicable Law
We strive to maintain awareness of, and compliance with, the laws, regulations, rules, controls, and orders applicable to our business in all jurisdictions in which We conduct business including, but not limited to, the following:

  • Trade controls, as well as applicable export, re-export, and import laws and regulations;
  • Antitrust and fair competition;
  • Insider Trading;
  • Marketing and advertising;
  • Bribery, corruption, money laundering, terrorist financing, and prohibited business practices, including but not limited to: (i) the Foreign Corrupt Practices Act, the United Kingdom Bribery Act, and other anti-corruption laws; (ii) laws governing lobbying, gifts, and payments to public officials; and (iii) political campaign contribution laws;
  • Labor, immigration, health and safety, hiring and employment practices;
  • Environmental practices, as applicable; and
  • Data protection and information security.\

We make efforts to ensure compliance with the Foreign Corrupt Practices Act (U.S.), UK Bribery Act, and all other applicable bribery and anti-corruption laws. We are truthful and transparent in our business interactions and do not tolerate the promise, acceptance, or offering of bribes, kickbacks and all other means of obtaining an undue or improper advantage, such as gifts, payments, fees, services, discounts, valued privileges or other favors where these would, or might appear to, improperly influence a business transaction.

We do not tolerate any form of corruption, extortion or embezzlement. We believe in fair business dealings and do not partake in unfair business dealings or advantages through the abuse of privileged information, misrepresentation of material facts, or any other unfair or dishonest practices.

Trade Compliance
We take measures to comply with the various economic sanctions programs and export control requirements administered by the United States, and other jurisdictions where We conduct business. Such laws prohibit KnowBe4 from participating in certain transactions involving restricted countries or parties, be it directly, or indirectly through third parties.

We do not provide, sell, ship, or otherwise transfer any KnowBe4 products, services, technology, or technical data to any of the following:

  • Parties targeted for boycotts, embargoes, sanctions, or other similar measures by the United Nations Security Council;
  • Parties appearing on the European Union’s Consolidated Sanctions List; the United Kingdom’s List of Consolidated Financial Sanctions Targets;
  • Parties appearing on the Denied Parties List, Entity List, and Unverified List administered by the U.S. Commerce Department;
  • Parties appearing on the sanctions lists administered by the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”) and the U.S. State Department;
  • Countries or regions subject to U.S. embargoes or sanctions including, but not limited to, Cuba, Iran, North Korea, Syria, and the disputed Crimea Region; or
  • Parties that are at least 50% owned or controlled by parties subject to sanctions programs administered by OFAC, whether individually or in the aggregate.

We comply with the laws, regulations and orders relating to: (i) the Export Administration Act of 1979, as amended (50 U.S.C. app. 2401-2420) and the Export Administration Regulations, 15 C.F.R. §§ 730-774 (“EAR”); (ii) the Arms Export Control Act, 22 U.S.C. § 2778, and the corresponding International Traffic in Arms Regulations (“ITAR”); (iii) the economic sanctions laws and regulations enforced by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”), 31 C.F.R. Part 500 et seq., and the U.S. Department of State; and (iii) the anti-boycott regulations, guidelines, and reporting requirements under the Export Administration Regulations and Section 999 of the Internal Revenue Service Code.

We do not tolerate or engage in activity that directly or indirectly contributes to the Arab League Boycott or other unsanctioned boycotts during the course of its business dealings.

Charitable and Political Contributions
We do not solicit third parties for charitable donations as a suggestion that such charitable donation may affect their business or future with Us and We comply with U.S. federal law that prohibits Us from making contributions or expenditures in connection with federal elections. As each U.S. state has additional laws, rules, and regulations governing political contributions in state and local elections, We make efforts to comply with the laws in the jurisdiction(s) in which We do business. These state and local laws may or may not allow corporate contributions to candidates for state and local office. As the application of these laws may vary from one location to the next, it is Our usual practice not to make political contributions or use any of Our funds, assets, or other resources to benefit any political candidates, parties, or related organizations. This includes campaign committees and Political Action Committees (“PACs”) using separate, segregated funds, as well as special interest groups or other organizations engaged in political fundraising or lobbying activities, including those organized under Section 527 of the U.S. Internal Revenue Code (“527 Organizations”).

In addition to U.S. laws, regulations and orders, We also follow the laws, regulations, and orders applicable to other jurisdictions outside of the U.S. that We conduct business in prohibiting similar activity.

Conflicts of Interest
We encourage our representatives to avoid situations where personal interests may interfere with the business interests of KnowBe4. We expect Our representatives to always act in the best interest of KnowBe4 and to not allow outside interests to interfere with their duties or obligations to KnowBe4. We take measures to ensure that Our representatives do not use their positions or relationship with KnowBe4's current or potential customers, partners, vendors, suppliers, consultants, or any other party that has a relationship with KnowBe4 for personal gain or to obtain benefits for themselves or members of their family.

Antitrust & Fair Competition
We take measures to comply with antitrust/fair competition laws applicable to Our business activities in all jurisdictions in which We operate. Accordingly, We do not unlawfully: (i) enter into any agreement with any of Our competitors with regard to price, terms or conditions of sale, production, distribution, territories, or customers; or (ii) exchange or discuss with any of Our competitors pricing, marketing plans, manufacturing costs, or other competitive information, amongst other measures required by applicable law.

Insider Trading
We do not tolerate the buying or selling of securities based on material, nonpublic information by either directly or indirectly, such as through a friend, spouse, or broker. As criteria for insider trading may vary by jurisdiction, we strive to comply with all such laws applicable to the jurisdiction(s) in which we operate.

Immigration, Hiring and Employment Practices
We comply with applicable national, state, and local laws forbidding discrimination in employment, such as on the basis of race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, sexual orientation, marital status, military/veteran status, mental or physical disability, genetic information, citizenship status, political affiliation or membership in any other group protected by national, federal, state, or local law as it may vary by jurisdiction.

We take measures to:

  • Verify the identity and employment eligibility including, but not limited to, verification of age eligibility and legal status of foreign workers; and
  • Maintain a reliable system to verify that there are no known risks with Our employees in light of their job duties including, but not limited to, standard background checks or other such verifications that are common and lawful based on industry and jurisdiction.

We make efforts to comply with national, state and local minimum working age laws and requirements. All labor is voluntary. We do not support or engage in child labor or forced labor. We also do not support or engage in any: prison labor, indentured labor, bonded labor, or otherwise.

We adhere to the regulations prohibiting human trafficking and comply with all applicable local laws in the countries in which We operate. This includes refraining from engaging in any human trafficking-related activities such as procuring commercial sex acts, using child labor, and using forced labor. We also avoid partaking in misleading or fraudulent employment practices.

Health and Safety
We take measures to contribute to a safe and healthy working environment. We strive to prevent accidents and injuries in accordance with national, state, and local laws.

Data Protection and Information Security
We pride ourselves on our security and data handling practices. We make efforts to protect data and confidential information against unauthorized use, modification, loss, compromise, destruction, or disclosure of, or access to, such data (“Security Incident”). We have implemented measures, policies and procedures intended for the detection and response to Security Incidents. Such measures take into consideration the nature, scope, context, and purposes of KnowBe4’s data handling policies, practices and procedures.

For more information about our data protection and security practices, see the links below (or other such links that we may provide from time to time on our website -

Accurate Records
We make efforts to fully and accurately record all business transactions and maintain those records per applicable retention guidelines.

We provide mechanisms for reporting, in good faith, suspected violations of the law. Such reports are treated as confidential to the extent reasonably possible for conducting an investigation, and We do not tolerate retaliation for reports made in good faith. As Whistleblower laws vary by country, We encourage those reporting to follow the reporting procedures as lawful and customary in the jurisdiction in which they are reporting from.

Get the latest about social engineering

Subscribe to CyberheistNews